The present invention relates to a log analysis system, method and apparatus, and more particularly to a log analysis system, method and apparatus for analyzing the state of incidents that have occurred in a network due to the transmission of illegal packets or the like.
A known measure for detecting unauthorized access through a network is to install a security apparatus called a firewall (FW) or an intrusion detection system (IDS). A method is also known in which the security apparatuses are managed in a unified manner so that the pattern of the logs they collect can be analyzed and compared with past cases, making it possible to detect incidents that have occurred in the network more accurately. Here, an incident means an event relating to computer security that has occurred intentionally or accidentally.
JP-A-2002-342276, for example, discloses a technique relating to the intrusion detection system (IDS) as prior art concerning the former method of detecting unauthorized access. JP-A-2004-336130, for example, discloses a technique of performing analysis on the basis of comparison with a past model as prior art concerning the latter method of analyzing security events to improve the accuracy of incident detection.